Get user names from Word documents

When doing penetration testing, if you need user IDs, you can often find them posted on public websites. Many times all you have to do is download documents (.doc, .xls, etc.) from the website and look at the document properties.

To find a document on a website, try something like this in Google: site:http://www.owasp.org filetype:doc

That should return Word documents on the OWASP website. At the time of this posting, the second result from that search was "Threat modelling of pharming" by Cheong Kai Wee. If you open that document and look at the properties, you'll see the following:

There are a couple of things that can be learned from these properties:

First, it's likely the logged-in user on the Windows machine where this was created was "kiwi." You can see that under the template directory. So if you found this document on a company's website (instead of OWASP, which I figured would be a safe test case), you would likely have a user ID for that network.

In addition, you can see that the author's name is listed as "kiwijuice." Many times this is also the user ID, but sometimes I've also found that it contains good password fodder. For example, one time in the past I did this on a penetration test and found enough information to get both a username and password on the first guess.
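
The same properties can be checked on your own files before they are published. The following is an added example, not part of the original post: it reads the property parts of the newer .docx/.xlsx/.pptx package format (not the legacy .doc used above) and reports the fields that carry a name or a Windows profile path. The function names and the sample package, including its template path, are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# OOXML (.docx/.xlsx/.pptx) parts that hold document properties.
PROPERTY_PARTS = ("docProps/core.xml", "docProps/app.xml")
# Properties that commonly carry a person or account name.
IDENTITY_FIELDS = {"creator", "lastModifiedBy", "Manager", "Company", "Template"}
# A Windows profile path exposes the logged-in account name.
PROFILE_PATH = re.compile(r"\\(?:Users|Documents and Settings)\\([^\\]+)\\", re.I)


def audit_package(data: bytes) -> dict:
    """Return identity-bearing properties found in one OOXML file."""
    # For files you are about to publish; use defusedxml on untrusted input.
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for part in PROPERTY_PARTS:
            if part not in pkg.namelist():
                continue  # property parts are optional
            for elem in ET.fromstring(pkg.read(part)).iter():
                field = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace
                value = (elem.text or "").strip()
                if value and field in IDENTITY_FIELDS:
                    findings[field] = value
                if (m := PROFILE_PATH.search(value)):
                    findings["profile_user"] = m.group(1)
    return findings


def build_sample() -> bytes:
    """Constructed sample package; names echo the ones in the post."""
    core = ('<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/'
            'package/2006/metadata/core-properties" '
            'xmlns:dc="http://purl.org/dc/elements/1.1/">'
            '<dc:creator>kiwijuice</dc:creator></cp:coreProperties>')
    app = ('<Properties xmlns="http://schemas.openxmlformats.org/'
           'officeDocument/2006/extended-properties"><Template>'
           r'C:\Documents and Settings\kiwi\Templates\Normal.dot'
           '</Template></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("docProps/core.xml", core)
        pkg.writestr("docProps/app.xml", app)
    return buf.getvalue()


if __name__ == "__main__":
    print(audit_package(build_sample()))
```

Any non-empty result is a reason to clear the document properties before the file goes on a public site.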